The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Computing devices that access resources over a network are commonly subjected to an authentication process. The authentication process determines whether a device requesting access to the network, or to a particular resource, actually is the device that it purports to be. If the device is authenticated, then depending on its identity, role, and other policy data, the device may be permitted to access the network, or selected resources within the network. In the past, authentication processes have focused on user authentication. More recently, technical development has migrated toward techniques for device authentication. These techniques are used, for example, for wireless computing devices such as cellular radiotelephones, personal digital assistants, and portable computers that communicate with servers and other resources over a network.
In one past approach, used in wireless networks, an authentication mechanism based on the Extensible Authentication Protocol (“EAP”), known as EAP-SIM authentication, uses the GSM mobile phone infrastructure to authenticate users. In this approach, a GSM authentication center holds the authoritative subscriber data that is used to authenticate the identity of particular mobile devices, and it must supply fresh authentication data to the network for every authentication run. Performing authentication therefore involves exchanging numerous messages among the mobile device, the network's authentication server, and the GSM authentication center. If the mobile device requires re-authentication, the same process, with all of its round-trip messages, is repeated in full. This is time-consuming and computationally expensive. As a result, this approach is undesirable for mobile devices that frequently cross boundaries of wireless networks.
This approach is particularly unworkable because re-authentication can be triggered by numerous events. For example, re-authentication is typically required whenever the mobile device is powered up or rebooted, when a user logs off the device, when the device is moved to a new access point, when the device moves in and out of range of an access point, or when new cryptographic keys are distributed. In addition, partial or unintended authentication attempts can occur if the mobile device is only transiently brought into or out of range of an access point, each of which starts the same expensive exchange.
Based on the foregoing, there is a clear need for an improved method for re-authenticating mobile devices in networks.
There is a specific need for an improved method for efficiently re-authenticating mobile devices that use wireless networks.
There is also a need for an approach that efficiently re-authenticates mobile devices that use wireless networks without repeating the full set of EAP-SIM round-trip messages each time re-authentication is needed. There is also a need for an approach that reduces processing and network load on the GSM authentication infrastructure.